% This is the llncs_qe.tex demonstration file
% of the layout for qe seminar papers based on the
% LNCS-Style from Springer.
%
% This is LLNCS.DEM the demonstration file of
% the LaTeX macro package from Springer-Verlag
% for Lecture Notes in Computer Science,
%
\documentclass{llncs_qe}
%
\usepackage[latin1]{inputenc}
%
% f�r neue deutsche Rechtschreibung
\usepackage[ngerman]{babel}
%
% f�r englische Rechtschreibung
%\usepackage[english]{babel}
%
\usepackage{listings} % for code listings
\usepackage{fancyvrb} % for code listings
% \usepackage{hyperref}
\usepackage{color}

\definecolor{lightgray}{rgb}{0.8,0.8,0.8}
\definecolor{violet}{rgb}{0.5,0.21,0.56}
\definecolor{darkgreen}{rgb}{0.0,0.5,0.0}

\lstset {
    %language=c++,                  % language code 
    basicstyle=\footnotesize \ttfamily,      % font size
    numbers=none,                  % where to put line numbers
    numberstyle=\footnotesize,     % numbers size
    numbersep=5pt,                 % how far the line numbers are from the code
    backgroundcolor=\color{lightgray}, % background color
    showspaces=false,                          % show spaces (with underscores)
    showstringspaces=false,            % underline spaces within strings
    showtabs=false,                            % show tabs using underscores
    frame=single,                  % adds a frame around the code
    tabsize=4,                     % default tabsize
    breaklines=true,                  % automatic line breaking
    columns=fullflexible,
    breakautoindent=false,
    framerule=1pt,
    xleftmargin=0pt,
    xrightmargin=0pt,
    breakindent=0pt,
    resetmargins=true
}

\lstdefinestyle{Java}{%
  language=Java,
  keywordstyle=\color{blue},
  breaklines=true,
  frame=none,
  commentstyle=\color{darkgreen},
  backgroundcolor=\color{lightgray},
  stringstyle=\color{violet},
  basicstyle=\scriptsize\ttfamily,       % the size of the fonts that are used for the code
  numbers=left,                   % where to put the line-numbers
  numberstyle=\tiny,      % the size of the fonts that are used for the line-numbers
  stepnumber=1,                   % the step between two line-numbers. If it is 1 each line will be numbered
  numbersep=5pt,                  % how far the line-numbers are from the code
  showspaces=false,               % show spaces adding particular underscores
  showstringspaces=false,         % underline spaces within strings
  showtabs=false,                 % show tabs within strings adding particular underscores
  tabsize=2,              % sets default tabsize to 2 spaces
  captionpos=b,                   % sets the caption-position to bottom
  breaklines=true,        % sets automatic line breaking
  breakatwhitespace=false,    % sets if automatic breaks should only happen at whitespace
  escapeinside={\%}{)}          % if you want to add a comment within your code
}%

%
\pagestyle{plain}
%
\begin{document}
%
\title{Let's do stuff together} 

%
\author{Christoph Fuchs and Stefan Thaler}
%
\supervisor{Dr. Federico Facca}
%
\seminar{Master Seminar}
%
\semester{SS 2010}
%
\abgabedatum{Innsbruck, \today}
%
\institute{\email{christoph.fuchs@student.uibk.ac.at} and
\email{csaf3619@uibk.ac.at}}
%
\frontpagede % creates the frontpage (in german)
%\frontpageen % creates the frontpage (in german)
%
%
\maketitle
%
%
\section{Introduction}
\emph{Let's do stuff together} is a client-server application that brings
people together that want to do the same thing. Our client prototype runs on
\emph{Android 2.1}. It allows the user to create and search new activities that
are in their surroundings. Activities are stored and maintained on the server -
application, which is accessible via HTTP. The server application runs in a
\emph{Tomcat 6} container and uses an \emph{OpenRDF Alibaba Store} for
persisting objects.

\section{Requirements}
To run the server side application you need:
\begin{itemize}
  \item A machine with \emph{JDK 1.6+}
  installed\footnote{Download Java, http://java.sun.com/javase/downloads/index.jsp}.
  \item \emph{Maven2} installed on this machine\footnote{Maven 2,
  http://maven.apache.org/download.html}.
\end{itemize}
To run the client application in a simulator, you need:
\begin{itemize}
  \item A machine with \emph{JDK 1.6+}
  installed.
  \item The \emph{Android SDK}\footnote{Android SDK,
  http://developer.android.com/sdk/index.html}.
  \item \emph{Eclipse}\footnote{Download Eclipse,
  http://www.eclipse.org/downloads/}. with ADT Plugin\footnote{ADT Eclipse Plugin,
  http://developer.android.com/sdk/eclipse-adt.html\#installing}.
\end{itemize}


\section{Installation}
This section provides information about installing client and server application
and related tasks.
\subsection{Server Application}
To install and run the server follow these steps:
\begin{itemize}
  \item Download and install Java JDK 1.6 + 
  \item Download and install Eclipse WTP edition
  \item Download and install Maven
  \item Start Eclipse and checkout the project. The use of the Eclipse Maven
  plugin and Subeclipse plugin is recommended.
  \item Install the Alibaba and Sesame jar from the AdditionLibraries folder to
  the local Maven repository. See AdditionalLibraries/install-notes.txt for
  more information.
\end{itemize}
From there one you can use the following Maven commands in the folder where the
project's pom.xml is located.
\begin{itemize}
  \item Build the eclipse project: mvn eclipse:clean eclipse:eclipse
  \item Compile and run the server: mvn clean install tomcat:run 
  \item Run the unit tests: mvn clean test  
\item Deploying the Application to a server\footnote{Server
  Configuration,http://mojo.codehaus.org/tomcat-maven-plugin/usage.html}:
  \emph{mvn clean install tomcat:deploy}
  \item Build the Activity.jar: mvn clean compile jar:jar 
  \item To skip the unit tests add the following parameter:
  -Dmaven.test.skip=true
\end{itemize}


 \subsection{Client Application} 
This section provides information about how to install and run the \emph{Let's
do stuff together} Android App on your local computer. To do so, follow these
steps:
\begin{itemize}
  \item Download and install Java JDK 1.6 + 
  \item Download and install Eclipse
  \item Download and install Eclipse ADT plugin
  \item Download and install Android SDK
  \item Start the \emph{Android SDK and AVD Manager}
  \item Download the Android API 2.1  and the Google API with the \emph{Android
  SDK and AVD Manager}
  \item Create a new Virtual device with the the \emph{Android SDK and AVD
  Manager}
  \item Start eclipse
  \item Specify the location of the Android SDK in Eclipse's preferences page.
  \item Check out the Project from the Google Code repository. Using
  the Subclipse SVN Eclipse plugin is recommended.
  \item Run the project as Android application.
\end{itemize}
 
\section{Usage}
\emph{Let's do stuff together} is an application that simplifies the process of
finding (new) people for doing activities in a group. \emph{Let's do stuff
together} is designed as a client - server application. The client is
supposed to run on a mobile device. In our case we implemented the prototype
for Android 2.1 compatible devices. The server is accessible via the Internet
and provides search and persistence for activities. \\
We identified two use cases for our project. In the first use case, a person -
John Doe comes to a town - say Innsbruck - and wants to hike up to the
Hungerburg. He doesn't have any friends in Innsbruck  but still wants to
find some company to do so since doing stuff in a group is more fun. He
therefore creates an Activity with \emph{Let's do stuff together}. He destines
a meeting point and time. In addition, he adds a title and short description to
the Activity. Afterwards, he hopefully finds other people interested in doing
the same thing. In the second usecase a person is bored, switches on his
cellphone and retrieves a list of activites within his surroundings where he
can join.



\section{Code Repository}
We host our project\footnote{Let's do stuff together,
http://code.google.com/p/dostufftogether } at \emph{Google Code}. Information
about the repository can be obtained at 
\url{http://code.google.com/p/dostufftogether/source/checkout}. Code for the
ActivityServer and the Android app, Presentation and this paper are available.


\section{Code Licence}
We publish our project under the Apache Version, 2.0\footnote{Apache License
2.0, http://www.apache.org/dev/apply-license.html}.
\begin{lstlisting}[style=java] /*
   This file is part of the 'Let's Do Stuff Together' project
   http://code.google.com/p/dostufftogether/

   Copyright 2010 Christoph Fuchs, Stefan Thaler

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
 */
\end{lstlisting}




%
% \textit{Read and report on one of the following papers from the research literature. Your report should be one to two pages long; three-quarters of the report should summarize the paper, and one-quarter of the report should be a critique.} \newline
% 
% \textit{Introduce your report with a formal citation of the paper, using the IEEE reference format.}
% 
% \section{Why Cryptosystems Fail - Summary}
% The paper ``Why Cryptosystems Fail''  by Anderson \cite{why} presents multiple failure modes of retail banking systems. By doing so, Anderson does not restrict those security failures to flaws found by cryptanalysis, but rather points out that many security holes exist in other areas such as implementation or management. \newline
% 
% Anderson focuses on the bank sector - especially on frauds related to ATMs\footnote{Automatic Teller Machines} - since banking systems constitute the next largest application of cryptology (after military organisations) and are under constant threat. He describes how banks deny the possibility of faulty systems and lists multiple cases of miscarriages of justice related to the topic. \newline
% 
% Chapter three of the paper provides a more in-depth look on how ATM fraud takes place by examining the security systems which are used in ATMs and explaining how ATM encryption works. Anderson identified multiple attacks on ATMs which are due to simple errors of implementation and operation:
% \begin{enumerate}
%  \item Inside knowlege or access by bank staff (issue extra card, simply withdraw money since complaints are not believed anyway)
%  \item Outsiders gaining restricted knowledge (by spying on customers' PINs and getting the account numbers from discarded ATM tickets) which can then be copied to blank cards. Other examples include executing replay attacks, postal interception, test transactions, false terminals, and even programming errors which lead to strange behaviours of the ATMs (put a phone card into the ATM and the ATM thinks the last used card was re-inserted).
%  \item Weakness of the four-digit PIN when using offline devices, writing the PIN down or distributing the same PIN (or a small amount of PINs) to the customers.
%  \item Further weakness of the PIN: The PIN might be weak if the customer chooses it so it can be easily remembered (example: 1234). Some banks hold all the encrypted PINs on a file (or even worse: on the card itself), enabling a programmer to find other accounts using his own PIN (or changing the account number stored on your card to another account with the same PIN).
% \end{enumerate}
% 
% The cryptographically interesting, more complex attacks are also presented in the paper. Although such attacks are rare on banking systems, they are of interest from the public policy point of view:
% \begin{enumerate}
%  \item Programmers know or are able to find out the PIN key
%  \item Security Modules. Engineers include trapdoors in security module software which enables engineers as well as attackers to extract the PIN key from the system. Further, security modules can be broken and have their own master keys for internal use, which are often backed up in easily readable form (PROM chips).
%  \item Sloppy operating procedures, including shared PIN keys across two or more banks, handing over PIN keys to third party firms, poor key management in general, key and SWIFT lists that are kept in open correspondence files rather than being locked up.
%  \item Cryptanalysis is also possible due to very old and home-grown encryption algorithms. This enables attackers to brute force the encryption key which enables them to retrieve the zone keys, which in turn are used to encrypt the PINs of the customers.
% \end{enumerate}
% 
% The last part of chapter three outlines the consequences for bankers as well as equipment vendors. The main technical lessons for bankers are that competent consultants should be hired. Quality control is also a big aspect here. Equipment vendors have to bring their security expertise to market in the form of products, such as hardware devices, software packages and training courses. \newline
% 
% In section 4, Anderson points out that tho technical weaknesses such as poor encryption algorithms or loopholes exist, they do not seem to have contributed in any significant way to the crime figures. The attacks which actually happened were made possible because the banks did not use the available products properly. He further explains a shift from the military model to the bank model, where secrecy is not guaranteed and iternal and external fraud is more likely. Another problem Anderson adresses is the existence of firms pretending to have expertise in security, which they simply don't possess. \newline
% 
% Finally Anderson presents a new metaphor which states that a precise and clear specification  regarding the failure modes, security strategy, and implementation should be formulated. Further, quality has to be assured by certification and monitoring.
% 
% \subsection{Critique}
% Anderson often used civil aviation as an easy to understand example for security systems. While I found the example useful to point out that a failure of a bank system has not the same effect on people than a plane crashing, I found it sometimes confusing when he jumps back to the civil aviation example further on in the paper. \newline
% 
% I found the paper was very readable and also quite entertaining. Especially the concrete cases of miscarriages of justice, as well as the fact that there have been (or probably still are) fake ATMs in shopping malls to harvest account numbers and PINs of clueless customers have been very interesting. Although the paper might not go into very deep technical details, it gave a very good overview of what are real and possible frauds related to ATM systems.
% 


%
\bibliographystyle{splncs}
%

\newpage

\nocite*
\bibliography{llncs_qe}
%
\end{document}
